On 10/23/19 3:37 PM, Jatin Bhasin wrote:
> This question is related to ssl decryption and ecap adaptation call.
> When the ssl connection starts then before it even extracts sni squid sends
> fakeConnect which comes to ecap as well.
Yes, this happens during SslBump step1 as described at
https:/
Hi All,
This question is related to ssl decryption and ecap adaptation call.
When the ssl connection starts then before it even extracts sni squid sends
fakeConnect which comes to ecap as well.
I am using peek in step 1 and after fakeConnect squid extracts the sni, but
at this point squid does no
On Wed, Oct 23, 2019 at 1:06 PM Amos Jeffries wrote:
>
> First problem with these rules is they depend on an IP address. IP is
> the one detail guaranteed not to match properly when TPROXY spoofing is
> going on.
Thank you for giving me clues.
Actually, my whole setup was OK except for one detail
On 23/10/19 1:23 am, Vieri Di Paola wrote:
> On Tue, Oct 22, 2019 at 1:48 PM Amos Jeffries wrote:
>>
>> I do not see any DIVERT rule at all in your firewall config dump. That
>> is at least part of the problem.
>
> I opened the previous dump and saw the divert rules here below:
>
> Chain PREROUTI
On 23/10/19 3:14 pm, Marcelo Rodrigo wrote:
>
> The way this setup is even if I visit simple websites like
> http://www.meuip.com.br it will show the V4 instead of V6 address.
> I have to find a way to force tcp_outgoing_address to really go out just via
> V6 in a way that V4 cannot be seen.
Th
